The month of malicious spam: Fraudsters step up their attempts to infect PC users

September 03, 2007
Sophos Press Release

Sophos, a world leader in IT security and control, has revealed
the most prevalent malware threats causing problems for computer
users around the world during August 2007.

The figures, compiled by Sophos's global network of monitoring
stations, show a dramatic drop in malware spreading in the form of
email attachments, with just one infected message in every 1,000
emails in August, compared to one in 322 during the first six
months of 2007.

Spam, however, has continued to be a problem - much of it
linking to malicious websites designed to infect users. A series of
large-scale attacks have been made via spam email, directing users
to infected webpages with the promise of ecards, pictures of nude
celebrities, YouTube movies, and pop music videos. People visiting
the sites are running the risk of having their PCs infected by
malicious code which can then steal personal information, spam out
more malware and junk email, or launch distributed denial of service
attacks against innocent parties.

The total number of infected webpages continues to grow, albeit
at a slightly slower rate than the month before. During August,
Sophos detected an average of 5,000 new infected webpages each day,
compared to 6,000 in July.

There was also a sharp spike in spam activity in the middle of
August due to one of the world's biggest ever single spam campaigns
designed to manipulate stock prices.

Top ten web threats

The top ten list of web-based malware threats in August 2007
reads as follows:

Mal/Iframe and ObfJS have retained their positions at the top of
the chart. Meanwhile, Decdec has crept up to third place,
accounting for 14 percent of this month's web-based malware, up 11
percent on July.

"Cybercriminals are successfully using email and the web in
co-ordination to infect innocent internet surfers," said Carole Theriault, senior
security consultant at Sophos. "Home users and businesses alike
need to take more steps to protect themselves from online threats,
or risk being hit time and time again. It should be clear for
everyone to see that businesses, web hosts and ISPs are failing to
properly defend their websites. Fraudsters are continuing to find
rich pickings on the internet, duping users into handing over their
personal information."

Top malware-hosting countries

The top ten list of countries hosting malware-infected webpages
in August 2007, reads as follows:

Position  Last month  Country          Percentage of reports
1         1           China (inc. HK)  44.8%
2         2           United States    20.8%
3         3           Russia           11.3%
4         4           Ukraine          7.7%
5         8=          Poland           2.4%
6         5           Germany          1.6%
7         Re-entry    Netherlands      1.1%
8         Re-entry    Italy            0.9%
9=        8=          Canada           0.8%
9=        7           United Kingdom   0.8%
                      Others           7.8%

Whilst the top three countries hosting malware-infected webpages
during August have remained unchanged from July, the percentage of
malicious pages hosted by them has dropped by ten percent to 76.6
percent. The proportion of infected pages hosted by the Ukraine has
more than doubled in the last month, and the Netherlands, Italy and
Canada have all re-entered the chart.

"While more than three quarters of infected webpages are hosted
in just three countries, that doesn't mean you only get hit if you
visit websites based in those areas," explained Theriault. "Hackers
are hijacking websites around the world to make them point to
malware on sites based in China, the USA, and Russia.
Cybercriminals don't discriminate when it comes to targeting the
web - they're just out for all they can get."

Top ten email threats

The top ten list of email-based malware threats in August 2007
reads as follows:

While the Pushdo Trojan horse has been around since March, it is
a newcomer to the top ten, accounting for 10.8 percent of all
email-borne malware during August. Its rise is down to the fact that
around four new variants of Pushdo are currently being spammed out
every day, in a bid to bypass security systems.

"Most malware writers seem to be taking an extended holiday from
spreading their malicious code via email attachments, and are using
spam and the web instead to infect users," said Theriault.
"Criminals are hard at work trying to slip past filters at the
corporate gateway, and businesses must ensure that their security
solutions are kept up-to-date to defend against new virus variants
and new spam techniques before they can strike."

Top ten hoaxes and scams

During August, Sophos continued to see hoaxes and chain letters
spreading between internet users via email. One new hoax, which
took advantage of the growing popularity of social networking
websites, warned that Facebook users who accepted a friend
invitation from a user called Bum_tnoo7 would be
opening themselves up to identity theft. Sophos does recommend that
users of social networking websites take steps to protect their
identities online, but this particular warning is bogus.

The top ten list of email hoaxes and scams in August 2007 reads
as follows:

Sophos experts have compiled simple best practice guides to
adopting a multi-layered defense. With blended threats, spam and
phishing attacks on the rise it has never been more important to
educate end users about how best to protect themselves.

About Sophos

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.